Amendments to the Claims:

This listing of claims will replace all prior versions, and listings of claims in the application:
Listing of Claims:

1. (Currently amended) A computer program product for a client computing
system including a processor includes:

code that directs the processor to request a challenge from an authentication
server;

code that directs the processor to receive the challenge from the authentication
server via a first secure communications channel, wherein the challenge comprising comprises
an identity code;

code that directs the processor to receive user authentication data from a user; 

code that directs the processor to determine a private key and a digital certificate 
in response to the user authentication data; 

code that directs the processor to form a digital signature in response to the
identity code from the authentication server and the private key;

code that directs the processor to communicate the digital signature to the
authentication server;

code that directs the processor to communicate the digital certificate to the 
authentication server, the digital certificate comprising a public key in an encrypted form; and 

code that directs the processor to communicate network user authentication data 
and the identity code to the authentication server via a security server, 

wherein the authentication server activates the identity code when the digital 
signature is verified, and 

wherein the codes reside on a tangible media. 

2. (Original) The computer program product of claim 1 wherein the
identity code remains inactive when the authentication server does not verify the digital
signature.

3. (Currently amended) The computer program product of claim 1 wherein
the security server comprises a server selected from the class a group of servers consisting of
firewall server, VPN gateway server.

4. (Original) The computer program product of claim 1 wherein code
that directs the processor to determine the private key and the digital certificate in response to the
user authentication data comprises code that directs the processor to determine a private key
associated with the user when the user authentication data is correct.

5. (Original) The computer program product of claim 4 wherein code
that directs the processor to determine the private key and the digital certificate in response to the
user authentication data further comprises code that directs the processor to determine a private
key not associated with the user when the user authentication data is incorrect.

6. (Original) The computer program product of claim 1 further 
comprising code that directs the processor to receive network user authentication data from the 
user. 

7. (Original) The computer program product of claim 1 wherein code 
that directs the processor to receive user authentication data from a user comprises code that 
directs the processor to receive user authentication data and the network authentication data from 
the user. 

8. (Currently amended) A client computing system for communicating with 
a private server includes: 




Appln. No. 09/896.163
Amdt. dated March 4, 2005
Reply to Notice of Non-Compliant Amendment dated March 1, 2005 

a tangible memory configured to store a key wallet, the key wallet includes a
private key associated with the user and a digital certificate associated with a user, the private
key and digital certificate stored in an encrypted form;

a processor coupled to the tangible memory, the processor configured to receive a
challenge from an authentication server via a first secure communications channel, the challenge
comprising an identity code, configured to receive user authentication data from the user,
configured to determine a retrieved private key and a retrieved digital certificate from the key
wallet in response to the user authentication data from the user; configured to form a digital
signature in response to the identity code received from the authentication server and the 
retrieved private key, configured to communicate the digital signature to the authentication 
server, configured to communicate the digital certificate to the authentication server, and 
configured to communicate network user authentication data and the identity code to the 
authentication server via a security server, 

wherein the authentication server activates the identity code when the digital 
signature is verified, and 

wherein the security server allows the client computing system to communicate 
with the private server when the identity code is activated. 

9. (Original) The client computing system of claim 8 wherein the
retrieved private key and the private key associated with the user are identical.

10. (Original) The client computing system of claim 8

wherein the retrieved private key and the private key associated with the user are
different, and

wherein when the retrieved private key and the private key associated with the
user are different the identity code remains inactive.

11. Canceled. 



12. (Currently amended) The client computing system of claim 8 wherein the
security server comprises a server selected from the class a group of servers consisting of
firewall server, VPN gateway server, electronic mail server, web server, database server,
database system, application server.

13. (Original) The client computing system of claim 8 wherein the
tangible memory can be removed from the client computer.

14. (Original) The client computing system of claim 8 wherein the
processor is also configured to receive the network user authentication data from the user.

15. (Currently amended) A client system for communicating with a remote 
server includes: 

a tangible memory configured to store key wallet program, the key wallet 
program configured to store a private key associated with the user and a digital certificate
associated with a user in protected forms; 

means for receiving a challenge from a verification server via a first secure 
communications channel, the challenge comprising at least a network password that is inactive; 

means for receiving at least a PIN from the user; 

means coupled to the tangible memory for determining a returned private key and 
a returned digital certificate from the key wallet in response to at least the PIN from the user, 

means for forming a digital signature in response to the network password 
received from the verification server and to the private key; 

means for communicating the digital certificate and the digital signature to the 
authentication server; and 

means for communicating at least the network password to a security server, 

wherein the network password is activated when the digital signature and digital 
certificate authenticate the user; and 

wherein the security server allows the client system to communicate with the 
remote server when the network password is activated. 

16. (Original) The client system of claim 15 wherein the returned private
key and the private key associated with the user are the same. 

17. (Currently amended) The client system of claim 16

wherein the means for determining a returned private key comprises means for
determining the returned private key in response to the PIN from the user, and a pre-determined
PIN, wherein when the PIN from the user and the pre-determined PIN are different the returned
private key is different from, the private key associated with the user are different, wherein
when the PIN from the user and the pre-determined PIN are the same, the returned private key is
the private key associated with the user;

wherein when the returned private key and the private key associated with the
user are different the digital signature and the digital certificate do not authenticate the user.

18. (Original) The client system of claim 15 further comprising means for
receiving at least a network password associated with the user from the user, 

wherein the means for communicating the digital certificate and the digital 
signature to the authentication server also comprise means for communicating the network 
password associated with the user to the authentication server. 

19. (Original) The client system of claim 15 wherein the means for
communicating the digital certificate and the digital signature to the authentication server also 
comprise means for communicating a network password associated with the user to the 
authentication server; 

the client system further comprising means for determining the network password 
associated with the user in response to at least the PIN from the user. 

20. (Currently amended) The client computing system of claim 15 wherein
the client computing system is selected from the class a group of devices consisting of: desktop
computer, portable computer, PDA, wireless device.

21. (New) The client computing system of claim 8

wherein the identity code is determined in the authentication server, and
wherein the identity code is not stored on the client computing system before
receiving the challenge from the authentication server.